I´m working on digitally sign a pdf, but using a SmartCard, I mean, i don´t have access to private keys.

Also, this is made in java, and I can´t install any drivers on the sistem, so, the comunication with the smart card is based on APDUs.

Today, I´m using iText to do the work, and it´s working, but we need to stop using this libraty.

The process (in JAVA 1.6), is:

Load the pdf file.
Calculate the Digest (how to do that with eldos?)
-- Then, I send the information to the SmartCard, and the calculed signature is reutrned. --
After that, I need to create the PKCS#15 and then insert it in the PDF file.

First of all you'll need our SecureBlackbox Java Edition to perform PDF signing. It includes PKCS#11 implementation (based on JNI). The digests will be calculated and sent to a token automatically. You need to do next:

1) select signing key using TElPKCS11CertStorage;
2) use selected key to sign a document as its shown in our sample that is located in \secbboxjava\Samples\PDFBlackbox\SecurePDF folder.

Quote

After that, I need to create the PKCS#15 and then insert it in the PDF file.

Thanks for your answer. My problem is I can´t use PKCS#11, I don´t have how to access de certificate storage, since I can´t install any dirver on the system, I can´t use it.

I can ONLY send and receive APDUs to the smartcard, so, the pdf process must be done without even knowking the certificate/privateKey to use. This is done externally, using APDUs directly on the smartcard.

I only need to calculate the Digest, from the PDF, and after the external processing (signing), instert the result on the same pdf (ie, insert the pkcs#7 and the visual signature).

I can access the x509 certificate, and store it on the system, but, the signature calculation must be done using APDUS directly on the SmartCard.

Can Eldos do this? at least, calculate the Digest and then insert the result on the pdf?

I can ONLY send and receive APDUs to the smartcard, so, the pdf process must be done without even knowking the certificate/privateKey to use. This is done externally, using APDUs directly on the smartcard.

At the moment, Application Protocol Data Unit (APDU) is not supported by SecureBlackbox.

Quote

I only need to calculate the Digest, from the PDF, and after the external processing (signing), insert the result on the same pdf (ie, insert the pkcs#7 and the visual signature).

Yes, it is possible. For this you would need to use async signing methods (Distributed Cryptography add-on).
Please see Samples\C#\PDFBlackbox\ASPNet_Distributed or Azure samples.
Those samples use an ActiveX, Flex or Java applet to perform signing. But it is possible to obtain a digest value from the async state object, to sign it using your own code and then insert this signature into pdf document.
However, a signature widget should be added to the pdf document prior signing as it also signed.

I have the same scenario, we have ID smart card with skd supported by the ID Authority, they support SingPKCS7 function that sign your input data which is array of bytes and returns detached signature in byte[] format.

My target is:
Append this detached Signature (array of bytes) to PDF.
Extract this signature (array of bytes) from the PDF for verification purposes.

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. You can find out more about and set your own preferences here.